1. Packages
  2. AWS
  3. API Docs
  4. ec2clientvpn
  5. Route
AWS v6.78.0 published on Thursday, Apr 24, 2025 by Pulumi

aws.ec2clientvpn.Route

Explore with Pulumi AI

Provides additional routes for AWS Client VPN endpoints. For more information on usage, please see the AWS Client VPN Administrator’s Guide.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleEndpoint = new aws.ec2clientvpn.Endpoint("example", {
    description: "Example Client VPN endpoint",
    serverCertificateArn: exampleAwsAcmCertificate.arn,
    clientCidrBlock: "10.0.0.0/16",
    authenticationOptions: [{
        type: "certificate-authentication",
        rootCertificateChainArn: exampleAwsAcmCertificate.arn,
    }],
    connectionLogOptions: {
        enabled: false,
    },
});
const exampleNetworkAssociation = new aws.ec2clientvpn.NetworkAssociation("example", {
    clientVpnEndpointId: exampleEndpoint.id,
    subnetId: exampleAwsSubnet.id,
});
const example = new aws.ec2clientvpn.Route("example", {
    clientVpnEndpointId: exampleEndpoint.id,
    destinationCidrBlock: "0.0.0.0/0",
    targetVpcSubnetId: exampleNetworkAssociation.subnetId,
});
Copy
import pulumi
import pulumi_aws as aws

example_endpoint = aws.ec2clientvpn.Endpoint("example",
    description="Example Client VPN endpoint",
    server_certificate_arn=example_aws_acm_certificate["arn"],
    client_cidr_block="10.0.0.0/16",
    authentication_options=[{
        "type": "certificate-authentication",
        "root_certificate_chain_arn": example_aws_acm_certificate["arn"],
    }],
    connection_log_options={
        "enabled": False,
    })
example_network_association = aws.ec2clientvpn.NetworkAssociation("example",
    client_vpn_endpoint_id=example_endpoint.id,
    subnet_id=example_aws_subnet["id"])
example = aws.ec2clientvpn.Route("example",
    client_vpn_endpoint_id=example_endpoint.id,
    destination_cidr_block="0.0.0.0/0",
    target_vpc_subnet_id=example_network_association.subnet_id)
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2clientvpn"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleEndpoint, err := ec2clientvpn.NewEndpoint(ctx, "example", &ec2clientvpn.EndpointArgs{
			Description:          pulumi.String("Example Client VPN endpoint"),
			ServerCertificateArn: pulumi.Any(exampleAwsAcmCertificate.Arn),
			ClientCidrBlock:      pulumi.String("10.0.0.0/16"),
			AuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{
				&ec2clientvpn.EndpointAuthenticationOptionArgs{
					Type:                    pulumi.String("certificate-authentication"),
					RootCertificateChainArn: pulumi.Any(exampleAwsAcmCertificate.Arn),
				},
			},
			ConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{
				Enabled: pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		exampleNetworkAssociation, err := ec2clientvpn.NewNetworkAssociation(ctx, "example", &ec2clientvpn.NetworkAssociationArgs{
			ClientVpnEndpointId: exampleEndpoint.ID(),
			SubnetId:            pulumi.Any(exampleAwsSubnet.Id),
		})
		if err != nil {
			return err
		}
		_, err = ec2clientvpn.NewRoute(ctx, "example", &ec2clientvpn.RouteArgs{
			ClientVpnEndpointId:  exampleEndpoint.ID(),
			DestinationCidrBlock: pulumi.String("0.0.0.0/0"),
			TargetVpcSubnetId:    exampleNetworkAssociation.SubnetId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var exampleEndpoint = new Aws.Ec2ClientVpn.Endpoint("example", new()
    {
        Description = "Example Client VPN endpoint",
        ServerCertificateArn = exampleAwsAcmCertificate.Arn,
        ClientCidrBlock = "10.0.0.0/16",
        AuthenticationOptions = new[]
        {
            new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs
            {
                Type = "certificate-authentication",
                RootCertificateChainArn = exampleAwsAcmCertificate.Arn,
            },
        },
        ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs
        {
            Enabled = false,
        },
    });

    var exampleNetworkAssociation = new Aws.Ec2ClientVpn.NetworkAssociation("example", new()
    {
        ClientVpnEndpointId = exampleEndpoint.Id,
        SubnetId = exampleAwsSubnet.Id,
    });

    var example = new Aws.Ec2ClientVpn.Route("example", new()
    {
        ClientVpnEndpointId = exampleEndpoint.Id,
        DestinationCidrBlock = "0.0.0.0/0",
        TargetVpcSubnetId = exampleNetworkAssociation.SubnetId,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2clientvpn.Endpoint;
import com.pulumi.aws.ec2clientvpn.EndpointArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointAuthenticationOptionArgs;
import com.pulumi.aws.ec2clientvpn.inputs.EndpointConnectionLogOptionsArgs;
import com.pulumi.aws.ec2clientvpn.NetworkAssociation;
import com.pulumi.aws.ec2clientvpn.NetworkAssociationArgs;
import com.pulumi.aws.ec2clientvpn.Route;
import com.pulumi.aws.ec2clientvpn.RouteArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleEndpoint = new Endpoint("exampleEndpoint", EndpointArgs.builder()
            .description("Example Client VPN endpoint")
            .serverCertificateArn(exampleAwsAcmCertificate.arn())
            .clientCidrBlock("10.0.0.0/16")
            .authenticationOptions(EndpointAuthenticationOptionArgs.builder()
                .type("certificate-authentication")
                .rootCertificateChainArn(exampleAwsAcmCertificate.arn())
                .build())
            .connectionLogOptions(EndpointConnectionLogOptionsArgs.builder()
                .enabled(false)
                .build())
            .build());

        var exampleNetworkAssociation = new NetworkAssociation("exampleNetworkAssociation", NetworkAssociationArgs.builder()
            .clientVpnEndpointId(exampleEndpoint.id())
            .subnetId(exampleAwsSubnet.id())
            .build());

        var example = new Route("example", RouteArgs.builder()
            .clientVpnEndpointId(exampleEndpoint.id())
            .destinationCidrBlock("0.0.0.0/0")
            .targetVpcSubnetId(exampleNetworkAssociation.subnetId())
            .build());

    }
}
Copy
resources:
  example:
    type: aws:ec2clientvpn:Route
    properties:
      clientVpnEndpointId: ${exampleEndpoint.id}
      destinationCidrBlock: 0.0.0.0/0
      targetVpcSubnetId: ${exampleNetworkAssociation.subnetId}
  exampleNetworkAssociation:
    type: aws:ec2clientvpn:NetworkAssociation
    name: example
    properties:
      clientVpnEndpointId: ${exampleEndpoint.id}
      subnetId: ${exampleAwsSubnet.id}
  exampleEndpoint:
    type: aws:ec2clientvpn:Endpoint
    name: example
    properties:
      description: Example Client VPN endpoint
      serverCertificateArn: ${exampleAwsAcmCertificate.arn}
      clientCidrBlock: 10.0.0.0/16
      authenticationOptions:
        - type: certificate-authentication
          rootCertificateChainArn: ${exampleAwsAcmCertificate.arn}
      connectionLogOptions:
        enabled: false
Copy

Create Route Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Route(name: string, args: RouteArgs, opts?: CustomResourceOptions);
@overload
def Route(resource_name: str,
          args: RouteArgs,
          opts: Optional[ResourceOptions] = None)

@overload
def Route(resource_name: str,
          opts: Optional[ResourceOptions] = None,
          client_vpn_endpoint_id: Optional[str] = None,
          destination_cidr_block: Optional[str] = None,
          target_vpc_subnet_id: Optional[str] = None,
          description: Optional[str] = None)
func NewRoute(ctx *Context, name string, args RouteArgs, opts ...ResourceOption) (*Route, error)
public Route(string name, RouteArgs args, CustomResourceOptions? opts = null)
public Route(String name, RouteArgs args)
public Route(String name, RouteArgs args, CustomResourceOptions options)
type: aws:ec2clientvpn:Route
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. RouteArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. RouteArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. RouteArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. RouteArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. RouteArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var examplerouteResourceResourceFromEc2clientvpnroute = new Aws.Ec2ClientVpn.Route("examplerouteResourceResourceFromEc2clientvpnroute", new()
{
    ClientVpnEndpointId = "string",
    DestinationCidrBlock = "string",
    TargetVpcSubnetId = "string",
    Description = "string",
});
Copy
example, err := ec2clientvpn.NewRoute(ctx, "examplerouteResourceResourceFromEc2clientvpnroute", &ec2clientvpn.RouteArgs{
	ClientVpnEndpointId:  pulumi.String("string"),
	DestinationCidrBlock: pulumi.String("string"),
	TargetVpcSubnetId:    pulumi.String("string"),
	Description:          pulumi.String("string"),
})
Copy
var examplerouteResourceResourceFromEc2clientvpnroute = new com.pulumi.aws.ec2clientvpn.Route("examplerouteResourceResourceFromEc2clientvpnroute", com.pulumi.aws.ec2clientvpn.RouteArgs.builder()
    .clientVpnEndpointId("string")
    .destinationCidrBlock("string")
    .targetVpcSubnetId("string")
    .description("string")
    .build());
Copy
exampleroute_resource_resource_from_ec2clientvpnroute = aws.ec2clientvpn.Route("examplerouteResourceResourceFromEc2clientvpnroute",
    client_vpn_endpoint_id="string",
    destination_cidr_block="string",
    target_vpc_subnet_id="string",
    description="string")
Copy
const examplerouteResourceResourceFromEc2clientvpnroute = new aws.ec2clientvpn.Route("examplerouteResourceResourceFromEc2clientvpnroute", {
    clientVpnEndpointId: "string",
    destinationCidrBlock: "string",
    targetVpcSubnetId: "string",
    description: "string",
});
Copy
type: aws:ec2clientvpn:Route
properties:
    clientVpnEndpointId: string
    description: string
    destinationCidrBlock: string
    targetVpcSubnetId: string
Copy

Route Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Route resource accepts the following input properties:

ClientVpnEndpointId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Client VPN endpoint.
DestinationCidrBlock
This property is required.
Changes to this property will trigger replacement.
string
The IPv4 address range, in CIDR notation, of the route destination.
TargetVpcSubnetId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
Description Changes to this property will trigger replacement. string
A brief description of the route.
ClientVpnEndpointId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Client VPN endpoint.
DestinationCidrBlock
This property is required.
Changes to this property will trigger replacement.
string
The IPv4 address range, in CIDR notation, of the route destination.
TargetVpcSubnetId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
Description Changes to this property will trigger replacement. string
A brief description of the route.
clientVpnEndpointId
This property is required.
Changes to this property will trigger replacement.
String
The ID of the Client VPN endpoint.
destinationCidrBlock
This property is required.
Changes to this property will trigger replacement.
String
The IPv4 address range, in CIDR notation, of the route destination.
targetVpcSubnetId
This property is required.
Changes to this property will trigger replacement.
String
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
description Changes to this property will trigger replacement. String
A brief description of the route.
clientVpnEndpointId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Client VPN endpoint.
destinationCidrBlock
This property is required.
Changes to this property will trigger replacement.
string
The IPv4 address range, in CIDR notation, of the route destination.
targetVpcSubnetId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
description Changes to this property will trigger replacement. string
A brief description of the route.
client_vpn_endpoint_id
This property is required.
Changes to this property will trigger replacement.
str
The ID of the Client VPN endpoint.
destination_cidr_block
This property is required.
Changes to this property will trigger replacement.
str
The IPv4 address range, in CIDR notation, of the route destination.
target_vpc_subnet_id
This property is required.
Changes to this property will trigger replacement.
str
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
description Changes to this property will trigger replacement. str
A brief description of the route.
clientVpnEndpointId
This property is required.
Changes to this property will trigger replacement.
String
The ID of the Client VPN endpoint.
destinationCidrBlock
This property is required.
Changes to this property will trigger replacement.
String
The IPv4 address range, in CIDR notation, of the route destination.
targetVpcSubnetId
This property is required.
Changes to this property will trigger replacement.
String
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
description Changes to this property will trigger replacement. String
A brief description of the route.

Outputs

All input properties are implicitly available as output properties. Additionally, the Route resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Origin string
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
Type string
The type of the route.
Id string
The provider-assigned unique ID for this managed resource.
Origin string
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
Type string
The type of the route.
id String
The provider-assigned unique ID for this managed resource.
origin String
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
type String
The type of the route.
id string
The provider-assigned unique ID for this managed resource.
origin string
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
type string
The type of the route.
id str
The provider-assigned unique ID for this managed resource.
origin str
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
type str
The type of the route.
id String
The provider-assigned unique ID for this managed resource.
origin String
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
type String
The type of the route.

Look up Existing Route Resource

Get an existing Route resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RouteState, opts?: CustomResourceOptions): Route
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        client_vpn_endpoint_id: Optional[str] = None,
        description: Optional[str] = None,
        destination_cidr_block: Optional[str] = None,
        origin: Optional[str] = None,
        target_vpc_subnet_id: Optional[str] = None,
        type: Optional[str] = None) -> Route
func GetRoute(ctx *Context, name string, id IDInput, state *RouteState, opts ...ResourceOption) (*Route, error)
public static Route Get(string name, Input<string> id, RouteState? state, CustomResourceOptions? opts = null)
public static Route get(String name, Output<String> id, RouteState state, CustomResourceOptions options)
resources:  _:    type: aws:ec2clientvpn:Route    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ClientVpnEndpointId Changes to this property will trigger replacement. string
The ID of the Client VPN endpoint.
Description Changes to this property will trigger replacement. string
A brief description of the route.
DestinationCidrBlock Changes to this property will trigger replacement. string
The IPv4 address range, in CIDR notation, of the route destination.
Origin string
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
TargetVpcSubnetId Changes to this property will trigger replacement. string
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
Type string
The type of the route.
ClientVpnEndpointId Changes to this property will trigger replacement. string
The ID of the Client VPN endpoint.
Description Changes to this property will trigger replacement. string
A brief description of the route.
DestinationCidrBlock Changes to this property will trigger replacement. string
The IPv4 address range, in CIDR notation, of the route destination.
Origin string
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
TargetVpcSubnetId Changes to this property will trigger replacement. string
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
Type string
The type of the route.
clientVpnEndpointId Changes to this property will trigger replacement. String
The ID of the Client VPN endpoint.
description Changes to this property will trigger replacement. String
A brief description of the route.
destinationCidrBlock Changes to this property will trigger replacement. String
The IPv4 address range, in CIDR notation, of the route destination.
origin String
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
targetVpcSubnetId Changes to this property will trigger replacement. String
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
type String
The type of the route.
clientVpnEndpointId Changes to this property will trigger replacement. string
The ID of the Client VPN endpoint.
description Changes to this property will trigger replacement. string
A brief description of the route.
destinationCidrBlock Changes to this property will trigger replacement. string
The IPv4 address range, in CIDR notation, of the route destination.
origin string
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
targetVpcSubnetId Changes to this property will trigger replacement. string
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
type string
The type of the route.
client_vpn_endpoint_id Changes to this property will trigger replacement. str
The ID of the Client VPN endpoint.
description Changes to this property will trigger replacement. str
A brief description of the route.
destination_cidr_block Changes to this property will trigger replacement. str
The IPv4 address range, in CIDR notation, of the route destination.
origin str
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
target_vpc_subnet_id Changes to this property will trigger replacement. str
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
type str
The type of the route.
clientVpnEndpointId Changes to this property will trigger replacement. String
The ID of the Client VPN endpoint.
description Changes to this property will trigger replacement. String
A brief description of the route.
destinationCidrBlock Changes to this property will trigger replacement. String
The IPv4 address range, in CIDR notation, of the route destination.
origin String
Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.
targetVpcSubnetId Changes to this property will trigger replacement. String
The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.
type String
The type of the route.

Import

Using pulumi import, import AWS Client VPN routes using the endpoint ID, target subnet ID, and destination CIDR block. All values are separated by a ,. For example:

$ pulumi import aws:ec2clientvpn/route:Route example cvpn-endpoint-1234567890abcdef,subnet-9876543210fedcba,10.1.0.0/24
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.